5:26 a.m.
Hi Guys,
We are building a system, including 3 subsystems for a big website.
and iOS and Android app. We use KeyCloak as the SSO server for all
subsystems, and then we also want to use KeyCloak for iOS and Android
as the login server. But for iOS, Android we want to use native login
page not the html page provide by KeyCloak adapter. but I read all
documents and discussions, I didnt find a way how to implement it.
Anybody can help me? thanks.
Joey
6:57 a.m.
You can do that using direct access grants if you search the docs for it.
However, we have native apps and just skinned our login pages to be
responsive and look great on mobile.
The latter option is a better approach especially if you plan to implement
2FA.
On Thu, Sep 22, 2016 at 6:27 AM Joey <huazonglin(a)gmail.com> wrote:
Hi Guys,
We are building a system, including 3 subsystems for a big website.
and iOS and Android app. We use KeyCloak as the SSO server for all
subsystems, and then we also want to use KeyCloak for iOS and Android
as the login server. But for iOS, Android we want to use native login
page not the html page provide by KeyCloak adapter. but I read all
documents and discussions, I didnt find a way how to implement it.
Anybody can help me? thanks.
Joey
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
7:39 a.m.
Hello,
I adapted an Android based OpenID Connect Demo Application to work with
Keycloak.
In Keycloak I created a confidential client with direct access grants as
Scott described.
https://github.com/thomasdarimont/android-openid-connect/tree/feature/key...
See the recent commits in the feature/keycloak-oidc-demo branch.
Cheers,
Thomas
2016-09-22 13:57 GMT+02:00 Scott Rossillo <srossillo(a)smartling.com>:
You can do that using direct access grants if you search the docs for
it.
However, we have native apps and just skinned our login pages to be
responsive and look great on mobile.
The latter option is a better approach especially if you plan to implement
2FA.
On Thu, Sep 22, 2016 at 6:27 AM Joey <huazonglin(a)gmail.com> wrote:
> Hi Guys,
>
> We are building a system, including 3 subsystems for a big website.
> and iOS and Android app. We use KeyCloak as the SSO server for all
> subsystems, and then we also want to use KeyCloak for iOS and Android
> as the login server. But for iOS, Android we want to use native login
> page not the html page provide by KeyCloak adapter. but I read all
> documents and discussions, I didnt find a way how to implement it.
> Anybody can help me? thanks.
>
>
> Joey
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
10:21 p.m.
Thanks Guys, sorry for reply so late. I will try your solutions later. thanks.
On Thu, Sep 22, 2016 at 8:39 PM, Thomas Darimont
<thomas.darimont(a)googlemail.com> wrote:
Hello,
I adapted an Android based OpenID Connect Demo Application to work with
Keycloak.
In Keycloak I created a confidential client with direct access grants as
Scott described.
https://github.com/thomasdarimont/android-openid-connect/tree/feature/key...
See the recent commits in the feature/keycloak-oidc-demo branch.
Cheers,
Thomas
2016-09-22 13:57 GMT+02:00 Scott Rossillo <srossillo(a)smartling.com>:
>
> You can do that using direct access grants if you search the docs for it.
> However, we have native apps and just skinned our login pages to be
> responsive and look great on mobile.
>
> The latter option is a better approach especially if you plan to implement
> 2FA.
>
> On Thu, Sep 22, 2016 at 6:27 AM Joey <huazonglin(a)gmail.com> wrote:
>>
>> Hi Guys,
>>
>> We are building a system, including 3 subsystems for a big website.
>> and iOS and Android app. We use KeyCloak as the SSO server for all
>> subsystems, and then we also want to use KeyCloak for iOS and Android
>> as the login server. But for iOS, Android we want to use native login
>> page not the html page provide by KeyCloak adapter. but I read all
>> documents and discussions, I didnt find a way how to implement it.
>> Anybody can help me? thanks.
>>
>>
>> Joey
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user(a)lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
4:35 a.m.
I highly recommend using an embedded webview and not use native login and
direct grant api. That is best practice both for Keycloak and OIDC in
general.
On 26 September 2016 at 05:21, Joey <huazonglin(a)gmail.com> wrote:
Thanks Guys, sorry for reply so late. I will try your solutions
later.
thanks.
On Thu, Sep 22, 2016 at 8:39 PM, Thomas Darimont
<thomas.darimont(a)googlemail.com> wrote:
> Hello,
>
> I adapted an Android based OpenID Connect Demo Application to work with
> Keycloak.
> In Keycloak I created a confidential client with direct access grants as
> Scott described.
>
> https://github.com/thomasdarimont/android-openid-
connect/tree/feature/keycloak-oidc-demo
> See the recent commits in the feature/keycloak-oidc-demo branch.
>
> Cheers,
> Thomas
>
> 2016-09-22 13:57 GMT+02:00 Scott Rossillo <srossillo(a)smartling.com>:
>>
>> You can do that using direct access grants if you search the docs for
it.
>> However, we have native apps and just skinned our login pages to be
>> responsive and look great on mobile.
>>
>> The latter option is a better approach especially if you plan to
implement
>> 2FA.
>>
>> On Thu, Sep 22, 2016 at 6:27 AM Joey <huazonglin(a)gmail.com> wrote:
>>>
>>> Hi Guys,
>>>
>>> We are building a system, including 3 subsystems for a big website.
>>> and iOS and Android app. We use KeyCloak as the SSO server for all
>>> subsystems, and then we also want to use KeyCloak for iOS and Android
>>> as the login server. But for iOS, Android we want to use native login
>>> page not the html page provide by KeyCloak adapter. but I read all
>>> documents and discussions, I didnt find a way how to implement it.
>>> Anybody can help me? thanks.
>>>
>>>
>>> Joey
>>> _______________________________________________
>>> keycloak-user mailing list
>>> keycloak-user(a)lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>>
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user(a)lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
5:14 a.m.
Let's be careful with using Webviews, for instance, Google will soon block
any OAuth interactions that use the webviews (
https://developers.googleblog.com/2016/08/modernizing-oauth-interactions-...
) , instead they recommand using the mobile browser. For Cordova apps,
keycloak.js already works with inappbrowser that opens a "external"
browser, isolated from the app.
On Thu, Sep 29, 2016 at 11:35 AM, Stian Thorgersen <sthorger(a)redhat.com>
wrote:
I highly recommend using an embedded webview and not use native login
and
direct grant api. That is best practice both for Keycloak and OIDC in
general.
On 26 September 2016 at 05:21, Joey <huazonglin(a)gmail.com> wrote:
> Thanks Guys, sorry for reply so late. I will try your solutions later.
> thanks.
>
> On Thu, Sep 22, 2016 at 8:39 PM, Thomas Darimont
> <thomas.darimont(a)googlemail.com> wrote:
> > Hello,
> >
> > I adapted an Android based OpenID Connect Demo Application to work with
> > Keycloak.
> > In Keycloak I created a confidential client with direct access grants as
> > Scott described.
> >
> > https://github.com/thomasdarimont/android-openid-connect/
> tree/feature/keycloak-oidc-demo
> > See the recent commits in the feature/keycloak-oidc-demo branch.
> >
> > Cheers,
> > Thomas
> >
> > 2016-09-22 13:57 GMT+02:00 Scott Rossillo <srossillo(a)smartling.com>:
> >>
> >> You can do that using direct access grants if you search the docs for
> it.
> >> However, we have native apps and just skinned our login pages to be
> >> responsive and look great on mobile.
> >>
> >> The latter option is a better approach especially if you plan to
> implement
> >> 2FA.
> >>
> >> On Thu, Sep 22, 2016 at 6:27 AM Joey <huazonglin(a)gmail.com> wrote:
> >>>
> >>> Hi Guys,
> >>>
> >>> We are building a system, including 3 subsystems for a big website.
> >>> and iOS and Android app. We use KeyCloak as the SSO server for all
> >>> subsystems, and then we also want to use KeyCloak for iOS and Android
> >>> as the login server. But for iOS, Android we want to use native login
> >>> page not the html page provide by KeyCloak adapter. but I read all
> >>> documents and discussions, I didnt find a way how to implement it.
> >>> Anybody can help me? thanks.
> >>>
> >>>
> >>> Joey
> >>> _______________________________________________
> >>> keycloak-user mailing list
> >>> keycloak-user(a)lists.jboss.org
> >>> https://lists.jboss.org/mailman/listinfo/keycloak-user
> >>
> >>
> >> _______________________________________________
> >> keycloak-user mailing list
> >> keycloak-user(a)lists.jboss.org
> >> https://lists.jboss.org/mailman/listinfo/keycloak-user
> >
> >
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
7:21 a.m.
That's very interesting, thanks for sharing.
Has someone already used the AppAuth apps they mentioned in the google
developers article with Keycloak?
e.g.: https://github.com/openid/AppAuth-Android
Cheers,
Thomas
2016-09-29 12:14 GMT+02:00 Sebastien Blanc <sblanc(a)redhat.com>:
Let's be careful with using Webviews, for instance, Google will
soon block
any OAuth interactions that use the webviews (
https://developers.googleblog.com/2016/08/modernizing-oauth-
interactions-in-native-apps.html ) , instead they recommand using the
mobile browser. For Cordova apps, keycloak.js already works with
inappbrowser that opens a "external" browser, isolated from the app.
On Thu, Sep 29, 2016 at 11:35 AM, Stian Thorgersen <sthorger(a)redhat.com>
wrote:
> I highly recommend using an embedded webview and not use native login and
> direct grant api. That is best practice both for Keycloak and OIDC in
> general.
>
> On 26 September 2016 at 05:21, Joey <huazonglin(a)gmail.com> wrote:
>
>> Thanks Guys, sorry for reply so late. I will try your solutions later.
>> thanks.
>>
>> On Thu, Sep 22, 2016 at 8:39 PM, Thomas Darimont
>> <thomas.darimont(a)googlemail.com> wrote:
>> > Hello,
>> >
>> > I adapted an Android based OpenID Connect Demo Application to work with
>> > Keycloak.
>> > In Keycloak I created a confidential client with direct access grants
>> as
>> > Scott described.
>> >
>> > https://github.com/thomasdarimont/android-openid-connect/tre
>> e/feature/keycloak-oidc-demo
>> > See the recent commits in the feature/keycloak-oidc-demo branch.
>> >
>> > Cheers,
>> > Thomas
>> >
>> > 2016-09-22 13:57 GMT+02:00 Scott Rossillo <srossillo(a)smartling.com>:
>> >>
>> >> You can do that using direct access grants if you search the docs for
>> it.
>> >> However, we have native apps and just skinned our login pages to be
>> >> responsive and look great on mobile.
>> >>
>> >> The latter option is a better approach especially if you plan to
>> implement
>> >> 2FA.
>> >>
>> >> On Thu, Sep 22, 2016 at 6:27 AM Joey <huazonglin(a)gmail.com>
wrote:
>> >>>
>> >>> Hi Guys,
>> >>>
>> >>> We are building a system, including 3 subsystems for a big website.
>> >>> and iOS and Android app. We use KeyCloak as the SSO server for all
>> >>> subsystems, and then we also want to use KeyCloak for iOS and
Android
>> >>> as the login server. But for iOS, Android we want to use native
login
>> >>> page not the html page provide by KeyCloak adapter. but I read all
>> >>> documents and discussions, I didnt find a way how to implement it.
>> >>> Anybody can help me? thanks.
>> >>>
>> >>>
>> >>> Joey
>> >>> _______________________________________________
>> >>> keycloak-user mailing list
>> >>> keycloak-user(a)lists.jboss.org
>> >>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>> >>
>> >>
>> >> _______________________________________________
>> >> keycloak-user mailing list
>> >> keycloak-user(a)lists.jboss.org
>> >> https://lists.jboss.org/mailman/listinfo/keycloak-user
>> >
>> >
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user(a)lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
2:03 a.m.
+1 Using the system browser is the proper way. SSO and everything ;)
Not sure keycloak.js does it properly though as it doesn't have support for
SSO AFAIK?
On 29 September 2016 at 12:14, Sebastien Blanc <sblanc(a)redhat.com> wrote:
Let's be careful with using Webviews, for instance, Google will
soon block
any OAuth interactions that use the webviews (
https://developers.googleblog.com/2016/08/modernizing-oauth-
interactions-in-native-apps.html ) , instead they recommand using the
mobile browser. For Cordova apps, keycloak.js already works with
inappbrowser that opens a "external" browser, isolated from the app.
On Thu, Sep 29, 2016 at 11:35 AM, Stian Thorgersen <sthorger(a)redhat.com>
wrote:
> I highly recommend using an embedded webview and not use native login and
> direct grant api. That is best practice both for Keycloak and OIDC in
> general.
>
> On 26 September 2016 at 05:21, Joey <huazonglin(a)gmail.com> wrote:
>
>> Thanks Guys, sorry for reply so late. I will try your solutions later.
>> thanks.
>>
>> On Thu, Sep 22, 2016 at 8:39 PM, Thomas Darimont
>> <thomas.darimont(a)googlemail.com> wrote:
>> > Hello,
>> >
>> > I adapted an Android based OpenID Connect Demo Application to work with
>> > Keycloak.
>> > In Keycloak I created a confidential client with direct access grants
>> as
>> > Scott described.
>> >
>> > https://github.com/thomasdarimont/android-openid-connect/tre
>> e/feature/keycloak-oidc-demo
>> > See the recent commits in the feature/keycloak-oidc-demo branch.
>> >
>> > Cheers,
>> > Thomas
>> >
>> > 2016-09-22 13:57 GMT+02:00 Scott Rossillo <srossillo(a)smartling.com>:
>> >>
>> >> You can do that using direct access grants if you search the docs for
>> it.
>> >> However, we have native apps and just skinned our login pages to be
>> >> responsive and look great on mobile.
>> >>
>> >> The latter option is a better approach especially if you plan to
>> implement
>> >> 2FA.
>> >>
>> >> On Thu, Sep 22, 2016 at 6:27 AM Joey <huazonglin(a)gmail.com>
wrote:
>> >>>
>> >>> Hi Guys,
>> >>>
>> >>> We are building a system, including 3 subsystems for a big website.
>> >>> and iOS and Android app. We use KeyCloak as the SSO server for all
>> >>> subsystems, and then we also want to use KeyCloak for iOS and
Android
>> >>> as the login server. But for iOS, Android we want to use native
login
>> >>> page not the html page provide by KeyCloak adapter. but I read all
>> >>> documents and discussions, I didnt find a way how to implement it.
>> >>> Anybody can help me? thanks.
>> >>>
>> >>>
>> >>> Joey
>> >>> _______________________________________________
>> >>> keycloak-user mailing list
>> >>> keycloak-user(a)lists.jboss.org
>> >>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>> >>
>> >>
>> >> _______________________________________________
>> >> keycloak-user mailing list
>> >> keycloak-user(a)lists.jboss.org
>> >> https://lists.jboss.org/mailman/listinfo/keycloak-user
>> >
>> >
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user(a)lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
3:50 p.m.
Yes this is easily done on both platforms using custom URLs to handle the successful login
response and then do code to token in the application.
+ 1 for using the browser
Scott Rossillo
Smartling | Senior Software Engineer
srossillo(a)smartling.com
On Sep 30, 2016, at 3:03 AM, Stian Thorgersen
<sthorger(a)redhat.com> wrote:
+1 Using the system browser is the proper way. SSO and everything ;)
Not sure keycloak.js does it properly though as it doesn't have support for SSO
AFAIK?
On 29 September 2016 at 12:14, Sebastien Blanc <sblanc(a)redhat.com
<mailto:sblanc@redhat.com>> wrote:
Let's be careful with using Webviews, for instance, Google will soon block any OAuth
interactions that use the webviews (
https://developers.googleblog.com/2016/08/modernizing-oauth-interactions-...
<https://developers.googleblog.com/2016/08/modernizing-oauth-interactions-...
) , instead they recommand using the mobile browser. For Cordova apps, keycloak.js already
works with inappbrowser that opens a "external" browser, isolated from the app.
On Thu, Sep 29, 2016 at 11:35 AM, Stian Thorgersen <sthorger(a)redhat.com
<mailto:sthorger@redhat.com>> wrote:
I highly recommend using an embedded webview and not use native login and direct grant
api. That is best practice both for Keycloak and OIDC in general.
On 26 September 2016 at 05:21, Joey <huazonglin(a)gmail.com
<mailto:huazonglin@gmail.com>> wrote:
Thanks Guys, sorry for reply so late. I will try your solutions later. thanks.
On Thu, Sep 22, 2016 at 8:39 PM, Thomas Darimont
<thomas.darimont(a)googlemail.com <mailto:thomas.darimont@googlemail.com>>
wrote:
> Hello,
>
> I adapted an Android based OpenID Connect Demo Application to work with
> Keycloak.
> In Keycloak I created a confidential client with direct access grants as
> Scott described.
>
>
https://github.com/thomasdarimont/android-openid-connect/tree/feature/key...
<https://github.com/thomasdarimont/android-openid-connect/tree/feature/key...
> See the recent commits in the feature/keycloak-oidc-demo branch.
>
> Cheers,
> Thomas
>
> 2016-09-22 13:57 GMT+02:00 Scott Rossillo <srossillo(a)smartling.com
<mailto:srossillo@smartling.com>>:
>>
>> You can do that using direct access grants if you search the docs for it.
>> However, we have native apps and just skinned our login pages to be
>> responsive and look great on mobile.
>>
>> The latter option is a better approach especially if you plan to implement
>> 2FA.
>>
>> On Thu, Sep 22, 2016 at 6:27 AM Joey <huazonglin(a)gmail.com
<mailto:huazonglin@gmail.com>> wrote:
>>>
>>> Hi Guys,
>>>
>>> We are building a system, including 3 subsystems for a big website.
>>> and iOS and Android app. We use KeyCloak as the SSO server for all
>>> subsystems, and then we also want to use KeyCloak for iOS and Android
>>> as the login server. But for iOS, Android we want to use native login
>>> page not the html page provide by KeyCloak adapter. but I read all
>>> documents and discussions, I didnt find a way how to implement it.
>>> Anybody can help me? thanks.
>>>
>>>
>>> Joey
>>> _______________________________________________
>>> keycloak-user mailing list
>>> keycloak-user(a)lists.jboss.org <mailto:keycloak-user@lists.jboss.org>
>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
<https://lists.jboss.org/mailman/listinfo/keycloak-user>
>>
>>
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user(a)lists.jboss.org <mailto:keycloak-user@lists.jboss.org>
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
<https://lists.jboss.org/mailman/listinfo/keycloak-user>
>
>
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org <mailto:keycloak-user@lists.jboss.org>
https://lists.jboss.org/mailman/listinfo/keycloak-user
<https://lists.jboss.org/mailman/listinfo/keycloak-user>
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org <mailto:keycloak-user@lists.jboss.org>
https://lists.jboss.org/mailman/listinfo/keycloak-user
<https://lists.jboss.org/mailman/listinfo/keycloak-user>
3010
days inactive
3018
days old
8 comments
5 participants
participants (5)
-
Joey -
Scott Rossillo -
Sebastien Blanc -
Stian Thorgersen -
Thomas Darimont